javascript facebook从cookie php自动重新登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6119300/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
facebook auto re-login from cookie php
提问by benck
My website uses Facebook connect for login and the session lifetime on my server is 3600.
我的网站使用 Facebook 连接进行登录,我的服务器上的会话生命周期为 3600。
I'm using Client-Side Flow(javascript) redirect to login.php, and login.php retrieve cookies (set by javascript) to get access token.
我正在使用客户端流(javascript) 重定向到 login.php,然后 login.php 检索 cookie(由 javascript 设置)以获取访问令牌。
However, if a user is idled over 3600 seconds, the session on my server expires. ($_SESSION['uid'] does not exists.) How can my login.php check the user has already logged in Facebook(not my app) or not?
但是,如果用户空闲超过 3600 秒,我服务器上的会话就会过期。($_SESSION['uid'] 不存在。)我的 login.php 如何检查用户是否已经登录 Facebook(不是我的应用程序)?
The solution I'm using is to redirect the user to my javascript page, and "onStatus function" would be automatically trigged by facebook.
我使用的解决方案是将用户重定向到我的 javascript 页面,“onStatus 函数”将被 facebook 自动触发。
I'm searching for a solution which can all be done with login.php to automatically relogin my website if he or she has logged in Facebook (without redirecting to javascript page). Is is possible?
我正在寻找一种解决方案,如果他或她已登录 Facebook(无需重定向到 javascript 页面),则可以使用 login.php 自动重新登录我的网站。有可能吗?
javascript:
javascript:
FB.init({appId: 'MY_APP_ID', status: true, cookie: true, xfbml: true});
FB.getLoginStatus(function(response) {
onStatus(response);
FB.Event.subscribe('auth.statusChange', onStatus);
FB.Event.subscribe('auth.login', reloadPage);
});
function onStatus(response) {
if (response.session) {
window.location.href = '/login?fb';
}
}
function reloadPage(response) {
if (response.session) {
window.location.href = '/login?fb';
}
}
PHP (for login):
PHP(用于登录):
function get_facebook_cookie($app_id, $app_secret) {
$args = array();
if(!isset($_COOKIE['fbs_' . $app_id]))
return false;
parse_str(trim($_COOKIE['fbs_' . $app_id], '\"'), $args);
ksort($args);
$payload = '';
foreach ($args as $key => $value) {
if ($key != 'sig') {
$payload .= $key . '=' . $value;
}
}
if (md5($payload . $app_secret) != $args['sig']) {
return false;
}
return $args;
}
$cookie = get_facebook_cookie(MY_APP_ID, MY_APP_SECRET);
if($cookie){
if($result = @file_get_contents("https://graph.facebook.com/me/?access_token=".$cookie['access_token'])){
$result = json_decode($result, true);
$_SESSION['uid'] = $result['id'];
}
采纳答案by benck
I've figured out a way to do so. To iframe the following page in all pages.
我已经想出了一种方法来做到这一点。在所有页面中对以下页面进行 iframe。
When the access token gave by facebook through cookie expires, page in iframe auto refresh. And FB.init() would set up a new access token(cookie) for my app.
当 facebook 通过 cookie 提供的访问令牌过期时,iframe 中的页面会自动刷新。FB.init() 将为我的应用程序设置一个新的访问令牌(cookie)。
In my php files, just check the cookies as first connected.
在我的 php 文件中,只需在首次连接时检查 cookie。
fb_keepalive.html:
fb_keepalive.html:
<div id="fb-root"></div>
<script type="text/javascript" src="https://connect.facebook.net/zh_TW/all.js"></script>
<script type="text/javascript">
FB.init({appId: 'APP_ID', status: true, cookie: true, xfbml: true});
FB.getLoginStatus(function(response) {
onStatus(response);
});
function onStatus(response) {
if (response.session) {
var timestamp = new Date().getTime();
var expires = response['session']['expires'] * 1000;
if(expires - timestamp >= 0){
setTimeout(function(){window.location.reload();}, expires - timestamp);
}
}
}
</script>
回答by chris
Im still a newb to FB connect and that whole process but I wanted to put my 2 cents in. I have seen a few sites strictly built on users having FB so them being logged in or not to FB applies to the particular sites I mention. I have noticed if I am logged in on FB and have connected with those sites in the past then I am automatically logged back into said site same logic applied if im not logged in.
我仍然是 FB 连接和整个过程的新手,但我想投入 2 美分。我看到一些网站严格建立在拥有 FB 的用户上,因此他们登录或不登录 FB 适用于我提到的特定网站。我注意到如果我登录 FB 并在过去与这些站点连接过,那么我会自动重新登录到所述站点,如果我没有登录,则应用相同的逻辑。
That said I assume this means FB has a recognizable cookie that can be detected somewhere, where if detected you can likely use it in your script to get the users to be auto logged in past that 3600 mark. I know from twitter and linkedin that they have user auth tokens that identify each user that can ultimately be stored in a DB and reused later So I think maybe your going to want to look into that a bit more with FB as Im sure that has to be the case with FB as well. Where you store this token thats associated with a user where you can find that if the cookie previously mentioned was found, then check for that auth token. Im sorry if this doesnt make much sense Im running on fumes here. If i was any better with the FB stuff I'd try to offer more help but I am in the very basic stages of understanding how I can interact with FB and a non fb site.
也就是说,我认为这意味着 FB 有一个可识别的 cookie,可以在某处检测到,如果检测到,您可能可以在脚本中使用它来让用户自动登录超过 3600 标记。我从 twitter 和linkedin 知道他们有用户身份验证令牌来识别每个用户,这些令牌最终可以存储在数据库中并在以后重复使用所以我想也许你会想要更多地研究一下 FB,因为我确定必须这样做FB的情况也是如此。您在哪里存储与用户相关联的令牌,如果找到了前面提到的 cookie,您可以在其中找到该令牌,然后检查该身份验证令牌。如果这没有多大意义,我很抱歉我在这里冒烟。如果我对 FB 的东西更好
回答by Quentin
While keeping the client side flow, you can use the Facebook PHP SDK (see on github) for dealing with the user session.
在保持客户端流程的同时,您可以使用 Facebook PHP SDK(参见 github)来处理用户会话。
$facebook = new Facebook(...);
// Get the User ID
$user = $facebook->getUser();
$usernot null means that the user is logged in Facebook and authenticated. You don't need anymore the PHP you gave here (get_facebook_cookieand stuff) : it is all included in the Facebook PHP SDK. It should be enough for you.
$usernot null 表示用户已登录 Facebook 并通过身份验证。您不再需要您在此处提供的 PHP(get_facebook_cookie以及其他内容):它都包含在 Facebook PHP SDK 中。对你来说应该足够了。
Going further : if you want to make API calls for that user.
更进一步:如果您想为该用户进行 API 调用。
$usernot null does not mean you have a valid access token for this user. One way to test if you have a valid access token is the try to make an API call :
$user不为空并不意味着您有此用户的有效访问令牌。测试您是否拥有有效访问令牌的一种方法是尝试进行 API 调用:
$isvalid;
try {
$facebook->api('/me');
$isvalid = true;
} catch (FacebookApiException $e) {
$isvalid = false;
}
